F-Secure recently published a new report, and their findings are disturbing.

The click rates on spam emails increased to 14.2 percent for the second half of 2017, up from 13.4 percent reported in the first half of 2017.

The increase seems to be driven by two factors.

First, more intense targeting of smartphone users, who are typically more distracted and not paying as much attention when opening and reading emails.

Second, a slight increase in sophistication.  For instance, an email that appears to come from a known sender is 12 percent more likely to be opened and responded to, so hackers are using this approach more often.

Even so, the report isn’t all bad news.  While spam is still the most common means of attack, it’s highly inefficient, relying on brute force (volume) rather than an abundance of sophistication.  Second, the report reveals that 85 percent of malicious attachments are made up of just five file types:

• *.7z
• *.PDF
• *.XLS
• *.DOC
• *.ZIP

Knowing this, a savvy user who’s paying attention can more easily avoid falling into the trap of the hackers.

Other highlights from the report include:

• 46 percent of all spam campaigns are related to online dating
• 23 percent contain the malicious attachments described above
• 31 percent contain links to malicious websites

Sean Sullivan, an F-Secure Security Advisor had this to say about the report:

“We’ve reduced criminals to spam, one of the least effective methods of infection.  Anti-malware is containing nearly all commoditized bulk threats.  And honestly, I don’t see anything coming over the horizon that could lead to another gold rush, so criminals are stuck with spam.”

Overall, the report is bad news mixed with some good.  One thing it clearly underscores is the continuing importance of ongoing email education for all employees of companies of any size.